eDiscovery Daily Blog

Free Trojans with Your Document Production: eDiscovery Trends

By “trojans”, I mean “malware”, not the other type of “trojans”… 🙂

An Arkansas lawyer representing three Fort Smith police officers in a whistleblower case is seeking sanctions after his computer expert found malware on an external hard drive supplied in response to a discovery request, according to a story by the Northwest Arkansas Democrat Gazette.

According to the story, Attorney Matthew Campbell in North Little Rock has been representing three current and former Fort Smith police officers in the lawsuit since January 2014. He requested emails from the Fort Smith Police Department, and Sebastian County Circuit Judge James O. Cox ordered on May 9, 2014, that they be provided to Campbell as part of discovery in the case. The documents were produced in June 2014. It’s how they were produced that aroused Campbell’s suspicion.

Douglas Carson, the attorney representing Fort Smith and its Police Department, sent Campbell a computer hard drive containing the production by Federal Express. According to the story, Campbell said the defendants had normally provided him with requested documents via email, the U.S. Postal Service or a cloud-based Internet storage service.

So, Campbell decided to have his information technology expert, Geoff Mueller of Austin, Texas, check out the drive first. Guess what he found? Four “Trojans,” one of which was a duplicate.

A “trojan” or “trojan horse” is malware that appears to be a legitimate program and unleashes its payload when you are tricked into running it. They can be quite tricky, as I reported a few years ago when it happened to me.

“One would have kept my Internet active even if I tried to turn it off, one would have stolen any passwords that I entered in, and the other would have allowed the installation of other malicious software,” Campbell said. “It’s not like these are my only clients, either. I’ve got all my client files in my computer. I don’t know what they were looking for, but just the fact that they would do it is pretty scary.”

In an affidavit filed with the motion Friday, Mueller stated: “Upon informing Mr. Campbell of the presence of these Trojans, he provided me with information that the Fort Smith Police Department claimed to be running a secure system with real-time virus and malware protection. In my experience, if the FSPD system is actually as described, these Trojans would not exist on the system.”

Mueller said the placement of the Trojans in a subfolder named “D:\Bales Court Order,” and not in the root directory, “means the Trojans were not already on the external hard drive that was sent to Mr. Campbell and were more likely placed in that folder intentionally with the goal of taking command of Mr. Campbell’s computer while also stealing passwords to his account.”

In addition to the malware found on the drive, Campbell’s motion for sanctions alleges that entire email accounts were deleted, that emails which could have been recovered were purged from the system, and that emails which were previously provided in response to Freedom of Information Act (FOIA) requests had improper deletions. Campbell also states in the motion that the police department’s IT specialist attended a convention ten days after the court granted Campbell’s motion to compel evidence last May. According to Campbell, the expert took classes on secure data deletion, whistleblower investigation and monitoring employee activity, but did not take classes offered on eDiscovery and preservation of evidence.

Campbell is asking for a default judgment for his clients and that the defendants be held in criminal contempt of court, among other sanctions.

So, what do you think? Do you check data produced to you for the presence of malware? Please share any comments you might have, or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
